After upgrading 9.0.3 to 9.0.4 Seeing Error anti-forgery form field
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk Joined: 11/30/2018(UTC) Posts: 84
Thanks: 8 times Was thanked: 1 time(s) in 1 post(s)
After upgrading from 9.0.3 to 9.0.4 all was good. Several hours later we started seeing this error in our logs.
Quote: Controller: Members, Action: RegisterDialog, The required anti-forgery form field "__RequestVerificationToken" is not present.
"Exception: The required anti-forgery form field ""__RequestVerificationToken"" is not present.
Stack Trace:
at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
I'm not sure what is causing it but hope someone can steer me in the right direction.
Also, as a note, after upgrading and then logging in to Admin to update the database I had to reset the SSL on the site (we use all pages), but for some reason I see there is also a Use Secure Cookies box that is also checkable for securing. Any ideas on what this is for, what it secures, and does it need to be checked?
Thanks for any help that can be offered.
Rank: Administration
Groups: Admin, Administrators, HelpDesk, System, Authorized User, Developers, Registered Joined: 10/5/2018(UTC) Posts: 175
Thanks: 8 times Was thanked: 17 time(s) in 15 post(s)
Quote: I'm not sure what is causing it but hope someone can steer me in the right direction.
Regarding the error, it looks like your login page is visited directly by some robot. I wonder if it's an IPN request from PayPal? You should be able to query the ac_PageViews table for HTTP POST requests to the login page with User Agents other than the known browsers.
Quote: Also, as a note, after upgrading and then logging in to Admin to update the database I had to reset the SSL on the site (we use all pages), but for some reason I see there is also a Use Secure Cookies box that is also checkable for securing. Any ideas on what this is for, what it secures, and does it need to be checked?
This provides added security by making cookies available only over HTTPS. You may have noticed a browser console warning in your browser:
Quote: Cookie “AC9.ASPXANONYMOUS” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozill...ders/Set-Cookie/SameSite ac9.ablecommerce.com
In 9.0.4, enabling the secure cookies will also remove the warning.
1 user thanked mazhar for this useful post.
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk Joined: 11/30/2018(UTC) Posts: 84
Thanks: 8 times Was thanked: 1 time(s) in 1 post(s)
Mazhar thank you for replying back.
After I posted this issue with the Anti Forgery form field exception being thrown, it stopped after about 24hrs. I did not look at the ac-PageViews table to see if it was the PayPal bot or IPN problem we had experienced prior to this last update. Since we are no longer seeing it, we assume it has been fixed from the update to 9.0.4. We will monitor for now.
Also thank you for the explanation and info on the SmartSite attribute Cookie Policy SSL as well.
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk Joined: 11/30/2018(UTC) Posts: 84
Thanks: 8 times Was thanked: 1 time(s) in 1 post(s)
Follow up from my last post earlier today.
As it turns out, we are seeing this error again, only when orders are being placed. This is a PayPal IPN issue. I know that this was a problem that was reported earlier here in the forums along with a quick fix to bypass the login page. However, at the time we chose not to do this, as we were ok with waiting for the update fix due out during the next release.
I'm hoping that there is a way to fix this once and for all. The PayPal plugin APIs have never been an issue on any of our sites, causing us to add extra code or redirects to make it work correctly. Our goal is to keep AC9 as simple as possible without any customizations to standard out of the box plugins, that should work.
As the planets must have aligned today, I just received this notice from PayPal several hours ago regarding IPN changes that will go into effect the beginning of May. I don't know if this has been implemented already or if we have to do this ourselves. If someone from Able can give some feedback, I would greatly appreciate it.
#################################################### PAYPAL EMAIL NOTICE ABOUT IPN'S
As a reminder, communicated through email in the first week of December 2020, PayPal is expanding the Instant Payments Notification (IPN) infrastructure used to notify merchants about events related to the status of PayPal transactions. This change has added seven new IP addresses from which IPNs are being sent since January 18, 2021.
Below are all of the IP addresses that are being used for IPN.
66.211.170.66 173.0.81.1 173.0.81.0/24 173.0.81.33 173.0.81.65 (New) 173.0.81.140 (New) 64.4.240.0/21 (New) 64.4.248.0/22 (New) 66.211.168.0/22 (New) 173.0.80.0/20 (New) 91.243.72.0/23 (New)
Call to Action
If you are implementing any Access Control List (ACL) or filters on IP addresses for the IPNs received from PayPal, we request that you add all the aforementioned IP addresses before May 3, 2021.
Doing so will help avoid missing IPNs from PayPal. If you have any further questions about this migration activity, please feel free to reach out to Merchant Technical Support (www.paypal-techsupport.com).
Thank you,
PayPal
Frequently Asked Questions (FAQ)
Will there be any service impacts?
IPN delivery to the merchant will fail, if a merchant does not add all of the aforementioned IP addresses found on the Status Page (https://www.paypal-status.com/history/eventdetails/31029) before the cutover date, May 3, 2021.
What are the actions required by merchants?
Please forward these changes to your network team/system admin or if you are using a third-party hosting service provider forward these details to their technical support team. If you require further support, please reach out to Merchant Technical Support (www.paypal-techsupport.com).
Merchants implementing any Access Control List (ACL) or filters on IP addresses for the IPNs received from PayPal, need to add all the aforementioned IP addresses before May 3, 2021. Doing so will help avoid missing IPNs from PayPal.
Are these changes coming up only in Production?
Yes.
Additional information:
PayPal Status Page (https://www.paypal-status.com/history/eventdetails/31029)
PayPal live IP addresses Help Center article (https://www.paypal.com/us/smarthelp/article/ts1056)
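Added example, not part of any post in this thread and not AbleCommerce or PayPal code: a triage sketch that collapses the IPN sender list from the notice above into its effective ACL and then sorts POSTs to the login page by whether the source address falls in those ranges, which is a stronger signal than the client-supplied User Agent. The row layout, the path and the agent strings are constructed assumptions, not the ac_PageViews schema.

```python
import ipaddress

# IPN sender addresses and ranges, copied from the PayPal notice quoted above.
PAYPAL_IPN_SOURCES = [
    "66.211.170.66", "173.0.81.1", "173.0.81.0/24", "173.0.81.33",
    "173.0.81.65", "173.0.81.140", "64.4.240.0/21", "64.4.248.0/22",
    "66.211.168.0/22", "173.0.80.0/20", "91.243.72.0/23",
]

def collapse(sources):
    """Merge overlapping entries into the smallest equivalent network list."""
    nets = [ipaddress.ip_network(s) for s in sources]
    return list(ipaddress.collapse_addresses(nets))

def is_ipn_sender(ip, networks):
    """True when ip falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def triage(rows, networks, path):
    """Split POSTs to `path` into PayPal-range senders and everything else."""
    paypal, other = [], []
    for ip, method, url, agent in rows:
        if method != "POST" or url != path:
            continue
        (paypal if is_ipn_sender(ip, networks) else other).append((ip, agent))
    return paypal, other

# Constructed sample rows (source IP, method, path, user agent); the path and
# agent strings are hypothetical, not taken from AbleCommerce or a real log.
LOGIN_PATH = "/Members/RegisterDialog"
SAMPLE_ROWS = [
    ("173.0.81.65", "POST", LOGIN_PATH, "constructed-ipn-agent"),
    ("64.4.250.10", "POST", LOGIN_PATH, "constructed-ipn-agent"),
    ("203.0.113.7", "POST", LOGIN_PATH, "constructed-bot-agent"),
    ("198.51.100.20", "GET", LOGIN_PATH, "Mozilla/5.0"),
]

if __name__ == "__main__":
    networks = collapse(PAYPAL_IPN_SOURCES)
    print("effective ACL:", ", ".join(str(n) for n in networks))
    paypal, other = triage(SAMPLE_ROWS, networks, LOGIN_PATH)
    print("PayPal-range POSTs:", paypal)
    print("other POSTs:", other)
```

Several single addresses in the notice already sit inside the listed ranges, so the collapsed list is what a firewall rule set actually needs to carry.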